Wine being targeted for adware

Nicholas LaRoche nlaroche at
Wed Jan 14 14:07:06 CST 2009

Stefan Dösinger wrote:
>> As long as the facilities exist for keeping an entire wine bottle
>> isolated from other bottles (and ~/) I don't see this being a major
>> issue.
> They don't.
> Even if you don't have a drive link pointing out of a bottle, a Windows app
> running in Wine can still call Linux syscalls(int 0x80). This is
> possible/needed because Windows apps run as a regular Linux process that
> links in Linux libraries which perform linux syscalls.
> So any Windows malware can break out of the Wine "sandbox"(which isn't a
> sandbox really) by simply using linux syscalls.

On more recent distros (FC9/10) SELinux is enabled by default. Rolling a 
policy specifically for an untrusted bottle would severely limit the 
damage it could do. It could restrict all unnecessary read/write/execute 
access outside of the ~/.wine folder for wineserver and the program.

I see your point though, since none of the aforementioned security 
precautions are commonplace or specifically targeted to wine.

More information about the wine-devel mailing list